
Security researchers have discovered hackers are already leveraging Europe's new General Data Protection Regulation (GDPR) to blackmail businesses into paying hefty ransoms to safeguard data. In May, the stringent data privacy law went into effect, prompting businesses across the globe to take a closer look at their privacy policies and quickly ensure they are in compliance.

The pressure on firms using or processing EU personal data is further elevated in light of the hefty fines for firms that fail to comply - up to €20 million or 4% of annual turnover, whichever is higher.

Hackers are looking to tap into this pressure and fear of data leaks and extort businesses in a new form of cyberattack dubbed "ransomhack".

According to Bulgarian security company Tad Group, this new form of attack differs from regular ransomware attacks since it does not encrypt or hold customer data hostage in return for a steep ransom. Instead, the hackers aim to publicly leak the customers' private records via a public server online unless the ransom is paid.

So far, medium and large-sized Bulgarian companies have been targeted with hackers demanding they pay up the ransom in cryptocurrency. The ransom demands range from $1000 to $20,000 - a seemingly smaller price to pay as opposed to the fines levied under GDPR.

Researchers said the companies targeted have taken steps to ensure GDPR compliance and create policies for data storage and security, but have failed to conduct information security or penetration tests to actually verify if their systems are susceptible to cyberattacks.

Although the landmark GDPR does represent a significant step forward for user data privacy, security and transparency, it also presents new opportunities for cybercriminals to exploit both customers and businesses.

With the added threat of legal action and potential fines under GDPR, companies may be tempted to quietly pay hackers rather than have data breaches and security failings publicly disclosed by them or other parties. Researchers have anticipated cybercriminals could exploit this vulnerability as a new opportunity for digital extortion.

“Cybercriminals could target private data covered by regulation and ask companies to pay an extortion fee rather than risk punitive fines of up to 4% of their annual turnover. Companies will have ransom prices associated with them that cybercriminals can determine by taking publicly available financial details and working out the respective maximum GDPR fines the companies could face. This will drive an increase in breach attempts and ransom demands,” the report read. “We expect GDPR to be used as a social engineering tactic in the same way that copyright violations and police warnings were used in past FAKEAV and ransomware campaigns.”

Patch management, bolstered security systems and practices, regular backups and effective security solutions are crucial as the first line of defense against such threats.

“The current success of ransomware campaigns - especially their extortion element - will prompt cybercriminals looking to make generous profits out of targeting populations that will yield the most return possible,” Trend Micro researchers added.
